Total
37658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3505 | 1 Polypager | 1 Polypager | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via the nr parameter to the default URI. | |||||
| CVE-2008-7017 | 1 Cacert | 1 Cacert | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate. | |||||
| CVE-2009-1614 | 1 Gowondesigns | 1 Leap | 2025-04-09 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0257 | 1 Typo3 | 1 Typo3 | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module. | |||||
| CVE-2008-0564 | 1 Mailman | 1 Mailman | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636. | |||||
| CVE-2009-4391 | 2 Daniel Regelein, Typo3 | 2 Dr Blob, Typo3 | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the File list (dr_blob) extension 2.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2007-5190 | 1 Alcatel-lucent | 1 Omnivista | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Alcatel OmniVista 4760 R4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter to php-bin/Webclient.php or (2) the Langue parameter to the default URI. | |||||
| CVE-2008-7132 | 1 Nuked-klan | 1 Nuked-klan | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.3 beta allows remote attackers to inject arbitrary web script or HTML via the nuked_nude parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3977 | 1 Bwired | 1 Bwired | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bwired allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-1479 | 1 Cyberfrogs | 1 Cfnetgs | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in cyberfrogs.net cfnetgs 0.24 allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2324 | 1 Fckeditor | 1 Fckeditor | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory. | |||||
| CVE-2008-0820 | 1 Etomite | 1 Etomite | 2025-04-09 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** Cross-site scripting (XSS) vulnerability in index.php in Etomite 0.6.1.4 Final allows remote attackers to inject arbitrary web script or HTML via $_SERVER['PHP_INFO']. NOTE: the vendor disputes this issue in a followup, stating that the affected variable is $_SERVER['PHP_SELF'], and "This is not an Etomite specific exploit and I would like the report rescinded." | |||||
| CVE-2007-5980 | 1 Eggblog | 1 Eggblog | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | |||||
| CVE-2009-2219 | 1 David Degner | 1 Phpcollegeexchange | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the (1) _SESSION[handle] parameter to (a) home.php, (b) books/allbooks.php, or (c) books/home.php; or the (2) home parameter to (d) i_head.php or (e) i_nav.php, or (f) allbooks.php, (g) home.php, or (h) i_nav.php in books/. | |||||
| CVE-2008-6915 | 1 Zeeways | 1 Zeeproperty | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view_prop_details.php in Zeeways ZEEPROPERTY 1.0 allows remote attackers to inject arbitrary web script or HTML via the propid parameter. | |||||
| CVE-2009-3263 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as XML "active content." | |||||
| CVE-2008-5944 | 1 Navboard | 1 Navboard | 2025-04-09 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 (2.6.0) allows remote attackers to inject arbitrary web script or HTML via the module parameter. | |||||
| CVE-2007-5370 | 1 Netwin | 1 Dnewsweb | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/dnewsweb.exe in NetWin DNewsWeb (DNews News Server) 57e1 allow remote attackers to inject arbitrary web script or HTML via the (1) group or (2) utag parameter. | |||||
| CVE-2009-1501 | 2 Drupal, Exif | 2 Drupal, Exif | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image. | |||||
| CVE-2008-3028 | 1 Typo3 | 1 Send A Card | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card (sr_sendcard) extension 2.2.2 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||